Database of private messages and password data may be in the wild, admins warn.

Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcointalk.org website suffered a hack that exposed users' personal messages, e-mails, and password data.

"To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure," an e-mail sent to registered users stated. "If you used this password on a different site, change it. When the Bitcoin Forum returns, change your password."

User passwords were cryptographically protected using 7,500 rounds of the SHA256crypt hash function, Bitcoin Talk administrator Theymos said in a forum on reddit. That's a significant measure that could add decades or even centuries to the task of cracking passcodes that are at least nine characters and randomly generated. Still, the hack could be damaging to the privacy of users who stored sensitive communications on the site. Bitcoin Talk administrators are in the process of figuring out how the compromise happened and don't plan to restore service until after the security hole is plugged.

People who visited the site after it was hacked were greeted by cartoon images of missiles that appeared over Tchaikovsky's classical music opus 1812 Overture. A pop-up caption at one point read: "Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye."

Bitcoin Talk was one of the sites on which alleged Silk Road kingpin Ross William Ulbricht used his real identity to post messages. Federal prosecutors cited the post, which solicited an "IT pro in the Bitcoin community" to work on a venture-backed startup, as evidence that Ulbricht was the same person who went by the handle "Dread Pirate Roberts" and ran the $1.2 billion Silk Road bazaar.